Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Centmin Mod Getting Started Guide
- # must read http://centminmod.com/getstarted.html
- # For HTTP/2 SSL Setup
- # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
- # redirect from www to non-www forced SSL
- # uncomment, save file and restart Nginx to enable
- # if unsure use return 302 before using return 301
- # server {
- # server_name thetruckstop.us www.thetruckstop.us;
- # return 302 https://thetruckstop.us$request_uri;
- # }
- server {
- listen 443 ssl http2;
- server_name thetruckstop.us www.thetruckstop.us;
- ssl_dhparam /usr/local/nginx/conf/ssl/thetruckstop.us/dhparam.pem;
- ssl_certificate /usr/local/nginx/conf/ssl/thetruckstop.us/thetruckstop.us-acme.cer;
- ssl_certificate_key /usr/local/nginx/conf/ssl/thetruckstop.us/thetruckstop.us-acme.key;
- include /usr/local/nginx/conf/ssl_include.conf;
- http2_max_field_size 16k;
- http2_max_header_size 32k;
- # dual cert supported ssl ciphers
- ssl_ciphers EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
- ssl_prefer_server_ciphers on;
- #add_header Alternate-Protocol 443:npn-spdy/3;
- #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
- #add_header X-Frame-Options SAMEORIGIN;
- #add_header X-Xss-Protection "1; mode=block" always;
- #add_header X-Content-Type-Options "nosniff" always;
- #spdy_headers_comp 5;
- ssl_buffer_size 1369;
- ssl_session_tickets on;
- # enable ocsp stapling
- resolver 8.8.8.8 8.8.4.4 valid=10m;
- resolver_timeout 10s;
- ssl_stapling on;
- ssl_stapling_verify on;
- ssl_trusted_certificate /usr/local/nginx/conf/ssl/thetruckstop.us/thetruckstop.us-acme.cer;
- # ngx_pagespeed & ngx_pagespeed handler
- #include /usr/local/nginx/conf/pagespeed.conf;
- #include /usr/local/nginx/conf/pagespeedhandler.conf;
- #include /usr/local/nginx/conf/pagespeedstatslog.conf;
- # limit_conn limit_per_ip 16;
- # ssi on;
- access_log /home/nginx/domains/thetruckstop.us/log/access.log combined buffer=256k flush=5m;
- error_log /home/nginx/domains/thetruckstop.us/log/error.log;
- root /home/nginx/domains/thetruckstop.us/public;
- location /forum/ {
- index index.php index.html index.htm;
- try_files $uri $uri/ /forum/index.php?$uri&$args;
- }
- location /forum/admin.php {
- auth_basic "Private";
- auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
- include /usr/local/nginx/conf/php.conf;
- allow 127.0.0.1;
- allow 45.79.217.105;
- deny all;
- }
- location /forum/install/data/ {
- internal;
- }
- location /forum/install/templates/ {
- internal;
- }
- location /forum/internal_data/ {
- internal;
- }
- location /forum/library/ {
- internal;
- }
- # xenforo 2 uncomment / remove hash from next 3 lines
- location /forum/src/ {
- internal;
- }
- include /usr/local/nginx/conf/staticfiles.conf;
- include /usr/local/nginx/conf/php.conf;
- #include /usr/local/nginx/conf/drop.conf;
- #include /usr/local/nginx/conf/errorpage.conf;
- include /usr/local/nginx/conf/vts_server.conf;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
